Abstract

Mobile Network Operators’ (MNOs) role as keystone players in the smartphone business ecosystem is challenged by other actors and technologies that could reduce the importance of the Universal Integrated Circuit Card (UICC, aka the SIM card). Modern UICC are Java Cards that include a Global Platform conformant Secure Element currently under the MNOs control. We argue that there is an opportunity in the smartphone business ecosystem to offer easy access for customers and service providers to the Secure Element on the UICC for storing data and for installing and executing applications with high demands for security. The MNOs could let the customers own and manage their private Global Platform specified Supplementary Security Domain on the Secure Element, thereby enabling new business models for services using this asset. We have designed and implemented SecurePlay, a client side, proxy based “lightweight” Trusted Service Manager (TSM) prototype and have successfully used it to manage Secure Elements on UICC in the Telenor operated mobile phone network in Norway. SecurePlay is a novel technical approach to management of the Secure Element, which allows operators to cost efficiently enable end-user ownership and operation of their own private security. A proof-of-concept prototype of the proxy based TSM is presented and business aspects are discussed.